REPORT ON COST ESTIMATES FOR SECURITY CLASSIFICATION ACTIVITIES FOR 2005

Similar documents
Department of Defense INSTRUCTION. SUBJECT: DoD Information Security Program and Protection of Sensitive Compartmented Information

Protection of Classified National Intelligence, Including Sensitive Compartmented Information

Department of Defense DIRECTIVE. DoD Executive Agent (EA) for the DoD Cyber Crime Center (DC3)

DODEA ADMINISTRATIVE INSTRUCTION , VOLUME 1 DODEA PERSONNEL SECURITY AND SUITABILITY PROGRAM

GAO INDUSTRIAL SECURITY. DOD Cannot Provide Adequate Assurances That Its Oversight Ensures the Protection of Classified Information

August Initial Security Briefing Job Aid

SUMMARY FOR CONFORMING CHANGE #1 TO DoDM , National Industrial Security Program Operating Manual (NISPOM)

PREPARATION OF A DD FORM 254 FOR SUBCONTRACTING. Cal Stewart ISP

UNCLASSIFIED. UNCLASSIFIED Office of Secretary Of Defense Page 1 of 7 R-1 Line #73

DEPUTY SECRETARY OF DEFENSE 1010 DEFENSE PENTAGON WASHINGTON, DC

Department of Defense DIRECTIVE

EXECUTIVE ORDER 12333: UNITED STATES INTELLIGENCE ACTIVITIES

INTELLIGENCE COMMUNITY DIRECTIVE NUMBER 501

Department of Defense INSTRUCTION

Security Classification Guidance v3

Department of Defense MANUAL

Security Asset Protection Professional Certification (SAPPC) Competency Preparatory Tools (CPT)

Department of Defense DIRECTIVE

NATO SECURITY INDOCTRINATION

CHAIRMAN OF THE JOINT CHIEFS OF STAFF INSTRUCTION

REPORT to the PRESIDENT. NATIONAL ARCHIVES and RECORDS ADMINISTRATION

Personnel Clearances in the NISP

Student Guide Course: Original Classification

DEPARTMENT OF HOMELAND SECURITY REORGANIZATION PLAN November 25, 2002

Department of Defense DIRECTIVE. SUBJECT: Unauthorized Disclosure of Classified Information to the Public

Department of Defense DIRECTIVE

PRIVACY IMPACT ASSESSMENT (PIA) For the

DEPUTY INSPECTOR GENERAL FOR INTELLIGENCE AND SPECIAL PROGRAM ASSESSMETS

February 11, 2015 Incorporating Change 4, August 23, 2018

DEPARTMENT OF DEFENSE (DoD) INITIAL TRAINING GUIDE

DEPUTY SECRETARY OF DEFENSE 1010 DEFENSE PENTAGON WASHINGTON, D.C

Department of Defense DIRECTIVE

For Immediate Release October 7, 2011 EXECUTIVE ORDER

Subj: DEPARTMENT OF THE NAVY (DON) INFORMATION SECURITY PROGRAM (ISP) INSTRUCTION

AGENCY: Transportation Security Administration (TSA), Department of Homeland

SUITABILITY AND SECURITY PROCESSES REVIEW REPORT TO THE PRESIDENT FEBRUARY 2014

Department of Defense INSTRUCTION

Department of Defense INSTRUCTION

Department of Defense Defense Commissary Agency Fort Lee, VA DIRECTIVE. Records Management Program

Department of Defense DIRECTIVE. SUBJECT: Information Assurance Training, Certification, and Workforce Management

Department of Health and Human Services (HHS) National Security Information Manual, February 1, 2005

Department of Defense DIRECTIVE

Army Regulation Security. Department of the Army. Information Security Program. Headquarters. Washington, DC 29 September 2000 UNCLASSIFIED

Department of Defense INSTRUCTION

DEPUTY SECRETARY OF DEFENSE 1010 DEFENSE PENTAGON WASHINGTON, DC

Department of Defense

Department of Defense DIRECTIVE. Department of Defense Human Resources Activity (DoDHRA)

Department of Defense DIRECTIVE

Department of Defense

COMMUNICATIONS SECURITY MONITORING OF NAVY TELECOMMUNICATIONS AND INFORMATION TECHNOLOGY SYSTEMS

UNITED STATES FOREIGN INTELLIGENCE SURVEILLANCE COURT WASHINGTON, D.C. PRIMARY ORDER. A verified application having been made by the Director of

Department of Defense DIRECTIVE

DEPARTMENT OF THE NAVY OFFICE OF THE CHIEF OF NAVAL OPERATIONS 2000 NAVY PENTAGON WASHINGTON, DC

PERSONNEL SECURITY CLEARANCES

THE NATIONAL DECLASSIFICATION. Releasing What We Can, Protecting What We Must

2005 REPORT to THE PRESIDENT INFORMATION SECURITY OVERSIGHT OFFICE

CHAIRMAN OF THE JOINT CHIEFS OF STAFF INSTRUCTION

A Guide. Preparation. DD Form 254. for the. of a. National Classification Management Society. Defense Security Service

PRIVACY IMPACT ASSESSMENT (PIA) For the

Department of Defense INSTRUCTION. DoD Unclassified Controlled Nuclear Information (UCNI)

This publication is available digitally on the AFDPO WWW site at:

Department of Defense DIRECTIVE

Declassification Options and Requirements

UNCLASSIFIED FY 2016 OCO. FY 2016 Base

Department of Defense DIRECTIVE

OFFICE OF THE DIRECTOR OF NATION At INTELLIGENCE WASHINGTON, DC 20511

Department of Defense INSTRUCTION. 1. PURPOSE. This Instruction, issued under the authority of DoD Directive (DoDD) 5144.

Export-Controlled Technology at Contractor, University, and Federally Funded Research and Development Center Facilities (D )

Supply Chain Risk Management

Department of Homeland Security Management Directives System MD Number: Issue Date: 06/29/2004 PORTABLE ELECTRONIC DEVICES IN SCI FACILITIES

INSIDER THREATS. DOD Should Strengthen Management and Guidance to Protect Classified Information and Systems

FSO Role in the NISP. Student Guide. Lesson 1: Course Introduction. Course Information. Course Overview

Chapter 9 Legal Aspects of Health Information Management

NG-J2 CNGBI A CH 1 DISTRIBUTION: A 07 November 2013

Department of Defense INSTRUCTION

SECURITY OF CLASSIFIED MATERIALS W130119XQ STUDENT HANDOUT

Department of Defense INSTRUCTION

PRIVACY IMPACT ASSESSMENT (PIA) For the

Defense Security Service Intelligence Oversight Awareness Training Course Transcript for CI

1. Functions of the Air Force SCI Security Program and the Special Security Officer (SSO) System.

Question Distractors References Linked Competency

Defense Security Service Academy OCA Desk Reference Guide

Introduction to Industrial Security, v3

Department of Defense DIRECTIVE. SUBJECT: Department of Defense Unclassified Controlled Nuclear Information (DoD UCNI)

Department of Defense DIRECTIVE

Department of Defense MANUAL

DEFENSE INFORMATION SYSTEMS AGENCY P. O. BOX 549 FORT MEADE, MARYLAND POLICIES. Support Agreements

Department of Defense DIRECTIVE

The DD254 & You (SBIR)

NG-J3/7 CNGBI DISTRIBUTION: A 31 October 2014 CONTINUITY OF OPERATIONS (COOP) PROGRAM POLICY

Student Guide: North Atlantic Treaty Organization

DEPARTMENT OF HOMELAND SECURITY Federal Emergency Management Agency U.S. Fire Administration

UNCLASSIFIED. UNCLASSIFIED Air Force Page 1 of 5 R-1 Line #199

This publication is available digitally on the AFDPO WWW site at:

INTERNATIONAL INDUSTRIAL SECURITY REQUIREMENTS GUIDANCE ANNEX

National Security Agency

Department of Defense INSTRUCTION. SUBJECT: Security of Unclassified DoD Information on Non-DoD Information Systems

This page left blank.

TOP S:BCRETHCOM-I:NTh'NOFO~l

Overview of Electronic Security Systems

Transcription:

REPORT ON COST ESTIMATES FOR SECURITY CLASSIFICATION ACTIVITIES FOR 2005 BACKGROUND AND METHODOLOGY As part of its responsibilities to oversee agency actions to ensure compliance with Executive Order 12958, as amended, Classified National Security Information, and Executive Order 12829, as amended, National Industrial Security Program, (NISP), the Information Security Oversight Office (ISOO) annually reports to the President on the estimated costs associated with the implementation of these Orders. This marks the 11th year of reporting these costs for security classification activities to include safeguarding requirements. In the past, the costs for the implementation of the programs to classify, safeguard and declassify national security information were deemed non-quantifiable, intertwined with other overhead expenses. While portions of the program s costs remain ambiguous, ISOO continues to collect cost estimate data and to monitor the methodology used for its collection. Requiring agencies to provide exact responses to the cost collection efforts would be cost prohibitive. Consequently, ISOO relies on the agencies to estimate the costs of the security classification system. The collection methodology has remained stable over the past 11 years, providing a good indication of the trends in total cost. Nonetheless, it is important to note that absent any security classification activity, many of the expenditures reported herein would continue to be made in order to address other, overlapping security requirements. The data presented in this report for Government were collected by categories based on common definitions developed by an executive branch working group. The categories are defined below. Personnel Security: A series of interlocking and mutually supporting program elements that initially establish a Government or contractor employee s eligibility, and ensure suitability for the continued access to classified information.

2 Physical Security: That portion of security concerned with physical measures designed to safeguard and protect classified facilities and information, domestic or foreign. Information Security: Includes three subcategories: Classification Management: The system of administrative policies and procedures for identifying, controlling and protecting classified information from unauthorized disclosure, the protection of which is authorized by Executive order or statute. Classification management encompasses those resources used to identify, control, transfer, transmit, retrieve, inventory, archive, or destroy classified information. Declassification: The authorized change in the status of information from classified information to unclassified information. It encompasses those resources used to identify and process information subject to the automatic, systematic or mandatory review programs authorized by Executive order or statute. Information Systems Security for Classified Information: An information system is a set of information resources organized for the collection, storage, processing, maintenance, use, sharing, dissemination, disposition, display, or transmission of information. Security of these systems involves the protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats. It can include, but is not limited to, the provision of all security features needed to provide an accredited system of protection for computer hardware and software, and classified information, material, or processes in automated systems. Professional Education, Training and Awareness: The establishment, maintenance, direction, support and assessment of a security training and awareness program; the certification and approval of the training program; the development, management, and maintenance of training records; the training of personnel to perform tasks associated with their duties; and qualification and/or certification of personnel before assignment of security responsibilities related to classified information. Security Management and Planning: Development and implementation of plans, procedures and actions to accomplish policy requirements, develop budget and resource requirements, oversee organizational activities and respond to management requests related to classified information. Unique Items: Those department-or agency-specific activities that are not reported in any of the primary categories but are nonetheless significant and need to be included. SURVEY RESULTS AND INTERPRETATION The total security classification cost estimates within Government for FY 2005 is $7.7 billion. This figure represents estimates provided by 41 executive branch agencies, including the

3 Department of Defense. It does not include, however, the cost estimates of the Central Intelligence Agency (CIA), which that agency has classified. Government Security Classification Costs Estimate Fiscal Year 2005 Total $7.7 Billion Personnel Security $1.15 Billion Physical Security Information Security $1 Billion $4 Billion Classification Management $310 Million Declassification $57 Million Professional Education & Training $219 Million Security Management & Planning $1.2 Billion Information Technology $3.6 Billion Unique $6.6 Million 0 0.5 1 1.5 2 2.5 3 3.5 4 4.5 5 5.5 6 6.5 7 7.5 8 8.5 A joint Department of Defense (DoD) and industry group developed a cost collection methodology for those costs associated with the use and protection of classified information within industry. Because industry accounts for its costs differently than Government, cost estimate data are not provided by category. Rather, a sampling method was applied that included volunteer companies from four different categories of facilities. The category of facility is based on the complexity of security requirements that a particular company must meet in order to hold and perform under a classified contract with a Government agency. The 2005 cost estimate totals for industry pertain to the twelve-month accounting period for the most recently completed fiscal year of each company that was part of the industry sample. For most of the companies included in the sample, December 31, 2005, was the end of their fiscal year. The estimate of total security classification costs for 2005 within industry was $1.5 billion. The Government cost estimate for FY 2005 is $7.7 billion, which is a $420 million, or 5.8 percent increase above the cost estimates reported for FY 2004. The industry estimate is up by $696 million. This makes the total 2005 cost estimate for Government and industry $9.2 billion, which is $1.2 billion more than the total FY 2004 cost estimate for Government and industry.

4 GRAPH COMPARING TOTAL COSTS FOR GOVERNMENT AND INDUSTRY FOR FY 1995-2005 in Billions $ 10 9 8 7 6 5 4 3 2 1 0 Government Industry Total FY 1995 FY 1996 FY 1997 FY 1998 FY 1999 FY 2000 FY 2001 FY 2002 FY 2003 FY 2004 FY 2005 The main driver of the FY 2005 increase was Physical Security category which was up 348 million or 50 percent. Similar to the reason for last year s increase, the fortified homeland defense posture being adopted by many agencies in response to the September 11, 2001 terrorist attacks generated most of the costs associated with this category. In the FY 2004 cost estimate report, we noted that many agencies were procuring secure facilities and communications systems that they never had in the past. A number of agencies were in the process of building Sensitive Compartmented Information Facilities (SCIFs) and emergency operational control centers. In the FY 2005 cost analysis narratives agencies continue to report new requirements for the construction and equipping of SCIFs. They also report requirements for additional security containers and for systems to protect national security information. Further, a significant number of agencies are upgrading protection for field facilities to include intrusion detection and access control systems, secure communication systems, and increases in number and salary requirements for an enlarged, better equipped, and better trained guard force. Along with this many agencies are still dealing with the requirement to develop Continuity of Operations (COOP) sites, which in turn generates the need for more secure facilities and communications. After Physical security the next largest increase came from the Personnel Security category which was up by 207 million or 22 percent. A significant number of agencies report a rise in personnel security costs due to substantially increased investigation and reinvestigation requirements. Additionally, the requirement to implement the newly established standards for Personal Identity Verification (PIV) throughout the executive branch by October 2006 is still in progress and has necessitated increased expenditures. One noteworthy development was that Professional Education, Training, and Awareness increased by $41 million or 23 percent. Similar to last year, agencies reported significant

5 emphasis on the development of new information security training products that are capable of reaching wider audiences. Several reported the utilization of private industry experts to assist with design, development, implementation, and management of training programs. These programs include both initial and refresher security training along with physical security, courier, program management, professional development, industrial security, and communications security courses. Another noteworthy development was that cost estimates for Declassification programs increased by $57 million or 18 percent. A few agencies have discovered that previous planning has not adequately prepared them to meet current and future declassification mandates, and are now allocating increased funds and dedicating additional manpower to this vital program element. The Security Management, Oversight, and Planning category experienced an increase of $67 million or 5.9 percent.. There are various reasons for the increase, such as relocation and changes in mission, acquiring additional personnel to conduct reviews and monitor policy compliance, automation of security processes, notably forms, policies, issues, and publications. There is a continued emphasis on planning for SCIF and collateral facility construction, augmenting information security training programs, security manpower, and the development of databases to track program elements, such as training, facility and system accreditations, SCI clearances, and security equipment. CONCLUSION The rate of increase in the security cost estimates reported by the Executive branch agencies continues to slow, which suggests a stabilization of the surge in security requirements and programs generated by the homeland defense concerns in the post-2001 environment. The DoD, as Executive Agent for the National Industrial Security Program, was unable to provide a specific explanation for the large increase in the industry cost estimate, due to the methodology used to collect these data which does not provide for the inclusion of textual comments or explanations.

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback